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PROBLEM P.BFIMIII0.M 


This research involves the development of a kno w 1 edg e- based 
fault-tolerant flight control system. The objective is to design 
a control system capable of accommodating a wide range of time- 
critical aircraft failures, including actuator, sensor, and 
structural failures. A software architecture is presented that 
integrates quantitative analytical redundancy techniques and 
heuristic expert system problem-solving concepts for the purpose 
of in-flight, real-time failure accommodation. 

The overall job of failure accommodation is broken down into 
five main tasks: executive control, failure detection, failure 
diagnosis, failure model estimation, and reconfiguration. The 
executive control task provides continual dynamic state 
estimation, feedback control calculations, and synchronization of 
the remaining tasks. The failure detection task monitors 
aircraft behavior and detects significant abnormalities. Failure 
diagnosis finds a list of aircraft components most likely to have 
caused the problem, while the failure model estimation task 
generates a mathematical model of the aircraft dynamics that 
reflects changes due to the failure. Finally, the 
reconfiguration task determines what action should be taken to 
correct the situation. 

In order to carry out its assigned tasks, the control system 
uses as building blocks powerful analytical techniques developed 
within the state-space environment of modern control theory. For 
example, the executive control task employs a Kalman Filter and a 
Linear-Quadratic Regulator for estimation and control. 
Innovation -based and Multiple Model algorithms are used in 
failure detection and failure model estimation, respectively. 
Additionally, a weighted left pseudo-inverse procedure is 
available for reconfiguration if needed. These quantitative 
methods provide effective solutions to certain aspects of the 
failure accommodation problem. 
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Because they are computationally intensive, however, these 
algorithms must be used judiciously if real-time fault- tolerance 
ultimately is to be achieved. Efficient scheduling and 
selection of tasks and subtasks thus becomes an overriding 
control system design factor. Moreover, these quantitative 
algorithms do not reflect the type of problem solving performed 
by pilots. For these reasons, the control system will benefit 
from the incorporation of a qualitative, heuristic reasoning 
capability. The research described here uses artificial 
intelligence techniques to combine the strengths of quantitative 
and qualitative reasoning for f aul t-toleran t flight control. 


FAILURE ACCOMMODATION TASK SAMPLE 


RECEIVE SENSOR MEASUREMENTS 
SELECT MODEL AND GAINS ^ 
ESTIMATE DYNAMIC STATES 
CALCULATE CONTROL COMMANDS 


DETECT FAILURE 
DIAGNOSE FAILURE 
ESTIMATE FAILURE MODEL 
RECONFIGURE MODEL AND GAINS 



DETERMINE NUMBER OF 
STUCK CONTROLS 

SELECT LQR GAINS 

DETERMINE NUMBER OF 
STUCK SENSORS 

SELECT KALMAN GAINS 


SEND CONTROL COMMANDS 
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E X PE R T Siam D ESCBIFIlOJi 


A rule-based back ward- cha ining expert systems approach is 
used to transform the problem of failure accommodation into a 
problem of search. The expert system is composed of a knowledge 
base and an inference engine. The knowledge base contains 
parameters that represent important variables and rules that 
relate parameters in the form of IF <PREMISE> THEN <ACTION> 
clauses . 


EXECUTIVE CONTROL KNOWLEDGE BASE SAMPLE 


RULE-E02 

IE 

THEN 

CONTROL COMMANDS ARE CALCULATED 
SEND CONTROL COMMANDS. 


RULE-E04 

IF 

THEN 

TRIM CONTROL COMMANDS ARE CALCULATED 
AND PERTURBATION CONTROL COMMANDS ARE CALCULATED 
CALCULATE CONTROL COMMANDS. 

RULE-E07 

IF 

THEN 

MODEL, CONTROLLER, AND ESTIMATOR ARE 
AND DYNAMIC STATES ARE ESTIMATED 
CALCULATE PERTURBATION CONTROL COMMANDS. 

READY 

RULE-E08 

IF 

THEN 

MODEL, CONTROLLER, AND ESTIMATOR ARE 
AND SENSOR MEASUREMENTS ARE RECEIVED 
ESTIMATE DYNAMIC STATES. 

READY 

RULE-E09 

IF 

THEN 

THIS RULE IS BEING TESTED 
RECEIVE SENSOR MEASUREMENTS. 


RULE- El 0 

IF 

THEN 

RECONFIGURATION IS NOT REQUESTED 

MODEL, CONTROLLER, AND ESTIMATOR ARE READY. 


ORIGIN AE 

OF POOR 


PAGE IS 
qUAJAT* 


EXECUTIVE CONTROL KNOWLEDGE BASE 
(PART I) 


I I/O ITERATION FINISHEDl 
TRUE 



TRUE 

1 CONTROL COMMANDS SENT 
TRUE 


TRUE 

| INDICATOR COMMANDS SENT | 
TRUE 


I 

TRUE 

I CONTROL COMMANDS CALCULATED | 
TRUE 


: 


TRUE 

i INDICATOR COMMANDS CALCULATED} 
TRUE 



EXECUTIVE CONTROL KNOWLEDGE BASE 
(PART II) 


MODEL, CONTROLLER, AND 
ESTIMATOR READY 


FALSE TRUE 


FALSE TRUE 


FALSE TRUE 


FALSE TRUE 


TRUE 


RECONFIGURATION 

REQUESTED 


RECONFIGURATION 

DETERMINED 


RECONFIGURATION 

IMPLEMENTED 


NONE NEW 
I FAILURE MODEL I 
NONE NEW 



; NONE NEW 
1 FAILURE DIAGNOSIS I 
NONE NEW 



NONE NEW 


FAILURE DETECT I OlT| 
NONE NEW 


TRUE 


FAILURE DETECTION 
REQUESTED 


TRUE* 


FALSE TRUE 
| FAILURE DETECTED"] 
FALSE TRUE 



SI i& INFERENCE ENGINE 


ISBPK3NAL PAGE 13 
OB POOR QUAT.tty 


The inference engine applies a given set of rules to problem- 
specific data assigned to parameters. With all no n- in i t i a 1 i zed 
parameter values assumed unknown, the act of trying to infer the 
value of a parameter, such as I/0-1TERAT ION-FINISHED, begins 
the search process. The estimation, control, and analytical 
redundancy algorithms reside as procedures in the actions of 
relevant rules, being executed when needed during the search. 
Presently, the knowledge base contains nearly 80 parameters and 
over 100 rules. 


DETERMINE VALUE OF <PARAMETER> 


TEST <RULE> 
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KNOWLEDGE BASE CONTENTS 


task parameters rules major subtasks 


EXECUTIVE CONTROL 23 
FAILURE DETECTION 8 
FAILURE DIAGNOSIS 2 
FAILURE MODEL ESTIMATION 14 
RECONFIGURATION 31 


31 KALMAN FILTER 

LINEAR QUADRATIC REGULATOR 

12 NORMALIZED INNOVATIONS MONITOR 

1 SIGNAL DEPENDENCY SEARCH 

(TO BE INCLUDED) 

20 MULTIPLE MODEL ALGORITHM 

37 LEFT PSEUDO -INVERSE 


CH-47 CONTROL VECTOR DEFINITION 




S IMULATION RESULTS 


Control system performance is evaluated through ground-based 
simulations of in-flight failures. Using a linear discrete 
deterministic dynamic model of a Boeing CH-47 tandem-rotor 
helicopter, the effect of biased and stuck sensors and controls 
is investigated. 

Failures are injected into the aircraft model at the 1.0 sec 
point of the simulation. When a sliding average of the nominal 
estimator normalized tracking error exceeds a preset threshold, 
the control system declares that a failure exists. Because rules 
for autonomous failure diagnosis and failure model hypothesis 
generation have yet to be included, the control system is given 
four failure model hypotheses at the end of time allotted for 
diagnosis. These hypotheses, to be used in the failure model 
estimation Multiple Model Algorithm, include the hypothesis 
representing no failure, the hypothesis representing the actual 
failure, and two hypotheses reflecting half and double the actual 
failure mode specification. 

In order to simulate eventual parallel processing on a single- 
processor computer, the asynchronous tasks of failure diagnosis 
and reconfiguration are artificially delayed 0.5 sec each, thus 
simulating 0.5 sec task completion times. Executive control, 
failure detection, and failure model estimation, on the other 
hand, are all designed to cycle through one full search per 
sampling interval, and therefore incur no artificial delay. 

The scheduling and selection of quantitative tasks occurs 
inherently within the expert system search process. A measure of 
the amount of search effort required to accomplish this 
scheduling and selection is indicated by the number of rules 
tested versus the number of parameters set during the search. 
Prior to beginning the search, all parameters without an initial 
value are assumed unknown. Rules are tested in an effort to set 
parameters, ultimately setting the top-level goal parameter. 
With a normalized search workload defined as the number of rules 
tested divided by the number of parameters set, it can be seen 
that tasks stressing selection over scheduling incur a higher 
workload, representing a lower search efficiency. 
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SIMULATED ACCOMMODATION OF BIASED CONTROL: 
LONGITUDINAL STATE & CONTROL TIME HISTORIES 



Forward Collective Pitch Control Biased 15 cm (9 t-l.Os 


SIMULATED ACCOMMODATION OF BIASED CONTROL: 
FAILURE DETECTION AND FAILURE MODEL ESTIMATION 
SEARCH RESULT TIME HISTORIES 



Time (s) 

Forward Collective Pitch Control Biased 15 cm (3 t-l.Oa 


OK,KHNAl< PAGE IS 

OE POOR QUALITY 
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SIMULATED ACCOMMODATION OF BIASED SENSOR: 
LONGITUDINAL STATE & CONTROL TIME HISTORIES 
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Pitch Rate Sensor Biased 0.18 rad/s @ t-l.( 



SIMULATED ACCOMMODATION OF BIASED SENSOR: 
FAILURE DETECTION S FAILURE MODEL ESTIMATION 
SEARCH RESULT TIME HISTORIES 
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Pitch Rate Sensor Biased 0.18 rad/s @ t-l.Os 
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SIMULATED ACCOMMODATION OF STUCK CONTROL 
LONGITUDINAL STATE & CONTROL TIME HISTORIES 



SIMULATED ACCOMMODATION OF STUCK CONTROL: 
FAILURE DETECTION & FAILURE MODEL ESTIMATION 


SEARCH RESULT TIME HISTORIES 
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SIMULATED ACCOMMODATION OF STUCK SENSOR; 
LONGITUDINAL STATE & CONTROL TIME . HISTORIES 



Pitch Rate Sensor Stuck 0.18 rad/s from Nominal (9 t-l.Os 


SIMULATED ACCOMMODATION OF STUCK SENSOR: 
FAILURE DETECTION & FAILURE MODEL ESTIMATION 
SEARCH RESULT TIME HISTORIES 
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Failure Hypotheses: 

0 

No Failure 

□ 

0 

Actual Failure 


9 

’Half' Actual Failure 

o 

A 

’Double’ Actual Failure 
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Pitch Rate Sensor Stuck 0.1B rad/s from Nominal @ t-l.Os 
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RESPONSE EALS-E. ALAEJ1 


A failure detection mechanism should be sensitive to dynamic 
abnormalities, yet have a low false alarm rate. Should a false 
alarm occur, however, the control system must be able to 
recognize that a mistake has been made without compounding the 
problem. Simulations producing a false alarm immediately 
following reconfiguration for a stuck sensor demonstrate this 
ability in the proposed control system. By estimating the 
failure model to be the one corresponding to the no-failure 
hypothesis, the expert system recognizes the mistake. and 
effectively suppresses any improper corrective action that might 
have otherwise taken place. 



84 



CONCLUSIONS 


An expert systems approach to f ault- tol erant flight control 
utilizing a rule-based backward-chaining search mechanism is an 
effective way to combine heuristic and analytical techniques. It 
allows the scheduling and selection of tasks to occur naturally 
within the action of rules, permits efficient flow of information 
between tasks, and allows the control system to be built 
incrementally . 

Although at an early stage of development, the control system 
performs well and appears to provide an architecture suited to 
the difficult job of failure accommodation. The issues of 
failure diagnosis, parallel processing, and accommodation of 
additional failure modes are to be addressed next. 


EXPERT SYSTEMS APPROACH ALLOWS 


• NATURAL SCHEDULING AND SELECTION OF 
EAI LURE -ACCOMMODATION TASKS 


• EFFICIENT FLOW OF INFORMATION BETWEEN TASKS 


• INCREMENTAL CONTROL SYSTEM GROWTH 
DURING DEVELOPMENT 
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